Educating Security Means a New Approach

Presented at Notacon 8 (2011), April 15, 2011, 7 p.m. (60 minutes)

In a traditional educational environment we are taught in a linear, binary fashion. We are presented with a topic, drilled on the topic, tested on the topic, and pass or fail on the topic. Regardless of the outcome, we move on to build upon each part of the foundation we are given. As time has gone on we discovered not everyone learns the same way or at the same pace, so we identified the road blocks we faced and were given assistance in our areas of weakness. Yet after we leave school and enter the workforce we often fall back into the binary type of education/awareness where we pass or fail and remediation is granted after we fail too many times. There are new approaches in place today in the education system that can benefit the way we address security education/awareness programs and ultimately make our organizations stronger. In this discussion we will focus on topics like Response to Intervention and the three tier model, progress monitoring, and making security not seem so hard for general users.


  • Jeff Kirsch / ghostnomad as Jeff "ghostnomad" Kirsch
    After 14 years as both an internal/external auditor, I decided to "see the light" and got into the field of information security. Most of my time in audit was spent reviewing IT systems in both the private and public sector. Being a father of four young children helps me keep things simple, while being married to a School Neuropsychologist helps me understand the way people think and learn. Mixing that all together, I try to bring a different perspective by associating real life events to the challenges in information security at my blog while I try to simplify the complexities of Technology through the simplicity of Haiku at


Similar Presentations: